Enterprises with remote sites, such as corporations, consulting firms, and law firms, have typically formed wide area networks (“WANs”) using frame relay networks or time division multiplexing (“TDM”) leased lines. Some larger enterprises have formed WANs using asynchronous transfer mode (“ATM”) networks. Those enterprise WANs over the connection-oriented frame relay, TDM, and ATM networking technologies typically provide connectivity between computers in the various enterprise sites, reachability among users in the sites, guaranteed quality of service, priority schemes regarding communications, and relatively good security for data and addresses.
The Internet, which has exploded in popularity in recent years, stands in contrast to the enterprise-oriented, connection-oriented networking technologies with centralized control. The Internet is a loose collection of networks organized into a multilevel hierarchy using a wide variety of interconnection technologies. The Internet is a connectionless datagram switching scheme bound together by addressing, routing, and IP but with decentralized control. Rather than focusing on enterprise communications, the Internet is focused on global packet transport, which involves the forwarding of packets. The Internet is widely used for accessing the World-Wide Web and for global email, but has generally been deficient with respect to certain communications services valued by enterprises, such as security, connectivity, and quality of service.
Because of the widespread use of different kinds of wide-area network technologies, such as frame relay, ATM, TDM, and IP, network providers have had to build and maintain several different networks to satisfy the needs of network users, such as individuals and enterprises. This has been very expensive. Moreover, enterprises have had to pay high fees to use the connection-oriented WAN technologies in order to get the level of service demanded by those enterprises.
Attempts have been made to make the Internet more enterprise friendly. For example, a virtual private network (“VPN”) with an IP backbone is described in BGP/MPLS VPNs by E. Rosen and Y. Rekhter, Request for Comments (“RFC”) 2547, Network Working Group, Internet Engineering Task Force (“IETF”) (March 1999) (“RFC 2547”). A VPN is an IP connection between two sites over a public IP network that has its payload traffic encrypted so that only the source and destination can decrypt the traffic packets. The RFC 2547 document discloses using multiprotocol label switching (“MPLS”) for forwarding packets over the backbone and using border gateway protocol (“BGP”) for distributing routes over the backbone. Although RFC 2547 briefly suggests some quality of service techniques, the focus of RFC 2547 is on the transport of packets. Moreover, the VPN scheme described in RFC 2547 is a transport tunnel that starts at the network side, rather than a scheme that starts at the end-user's side.
Another attempt to make the Internet more enterprise friendly is the layer two tunneling protocol (“L2TP”) described in Layer Two Tunneling Protocol “L2TP” by W. Townsley et al., RFC 2661, Network Working Group, IETF (August 1999) (“RFC 2661”). The RFC 2661 document discloses a scheme for facilitating the tunneling (i.e., encapsulating) of point-to-point protocol (“PPP”) packets across an intervening network in a way that is as transparent as possible to both end-users and applications. Although RFC 2661 describes a scheme that starts at the end-user's side, the focus of RFC 2661 is PPP and the transport of packets.